Why an on-demand testing approach?
Unlike the KEEP-IT-SECURE-24 service, which aims to maintain a low-risk level through continuous vulnerability identification actions, the KEEP-IT-SECURE On-Demand service focuses on incisive risk reduction, adapting to each organisation's schedule and specific needs.
The tests are directed at selected applications according to their complexity. Identified vulnerabilities are recorded on a service support platform, which enables the management of the entire lifecycle of these vulnerabilities and the dynamic generation of customised reports.
Most application tests are carried out manually and meticulously, aiming to identify various vulnerabilities such as Input Validation failures, Injection, Broken Access Control, Privilege Escalation, among others.
The service includes:
A flexible engagement model that allows clients to schedule and customise penetration tests according to their needs and priorities;
Efficient resource and budget allocation through the use of service credits;
Comprehensive testing coverage, including web application, network, and mobile device testing;
Access to our vulnerability management platform to monitor and manage identified risks;
Expert support and guidance from our experienced consultants throughout the entire process.
Our Methodology
Devoteam Cyber Trust employs a penetration testing methodology based on the best practices available in the market, with a focus on the following methodologies:
NIST SP800-115 - "Technical Guide to Information Security Testing and Assessment";
ISACA IS Auditing Procedure: P8 Security Assessment - Penetration Testing and Vulnerability Analysis;
PTES - Penetration Testing Execution Standard;
OWASP Testing Guide;
PCI/DSS Penetration Testing Guidance.
In a general manner, the methodology employed consists of the described phases, executed cyclically, covering the various tasks and tests to be performed within the scope of a penetration test.
